Keep EdgeX or try Unifi or pfSense?


adminmat


Really curious if someone here has used the same upgrade path. I'm sure there is much I'm not considering and leaving out as I'm just a home gamer, noob.

 

Currently running an EdgerouterX / Unifi Switch combo with unifi APs. Now that my network is getting more complex with internet facing services and segregated VLANs I'm thinking about a change. Specifically I'd like to be able to manage everything under one portal and have better control over VLANs. I really don't like how the Edgerouter works with the Unifi switch so I'm thinking:

1 - Go all EdgeX: Replace Unifi switch with Edge Switch. (only need unifi Controller for APs)
2 - Go all Unifi: Replace Edgerouter with USG. (everything under Controller)
3 - Go pfSense on unRAID.

 

My thoughts on these setups: 

 

1 - Excellent control, can all be managed under UNMS. More traditional GUI management method. More seamless management. (L3 switch / routing?)
2 - Little experience with Unifi Controller. Seems to have some shiny fluff (could be wrong). How is the VLAN config, firewall setup?
3 - Intimidating setup. Could push > 1gbE with new switch maybe a L3 10gbE switch? (needed for internal network workflow only)

 

Link to comment

I think UNMS requires a minimum of 10 devices under your account to use their service.  So unless you have clients using it then you're kind of out of luck on that one.

My buddy has a USG and it's nice looking inside of the controller, but it's lacking a lot of functionality over the ERX.

 

I have no experience with pfSense.

 

This guy does some great videos on this kind of stuff.

 

 

Link to comment
1 hour ago, Spyderturbo007 said:

I think UNMS requires a minimum of 10 devices under your account to use their service.  So unless you have clients using it then you're kind of out of luck on that one.

My buddy has a USG and it's nice looking inside of the controller, but it's lacking a lot of functionality over the ERX.

 

I have no experience with pfSense.

 

This guy does some great videos on this kind of stuff.

 

 

I'm literally watching one of Lawrence's videos now on Avahi :) I'm curious if the USG has caught up to EdgeX, I see they do continue to add features.

Looks like it's their free UNMS cloud access that requires 10 devices. I assume you can host your own instance of UNMS. And you'd also have to set up your own method of remote access. Seems like a pain. 

 

Link to comment

...I could never get my head around the semantics of how a firewall works in BSD/pfsense.

Also I found the Ubiquiti gear to be inconsistent in terms of UI-Interface across the different lines and models.

I completely switched to Mikrotik gear...their pricepoint for 10Gbps capable equipment is one of the lowest and their switches and routers with SFP+ ports are not picky when it comes to the make/model of the transceiver.

 

I started with a RouterOS VM on unraid (even a small 2GB vdisk and 128MB RAM will do) but even with a Quad-NIC in passthrough, because of the lack of a hardware-accelerated Switch-Chip, the performance for 10G network needs some beefier CPU.

I am now running a RB4011 as router and a CRS326 as main switch and 10G-Link in between....unraid with VLANs, currently with a iT350-Quad in bonding mode...some ConnectX-3 cards are on their way.

Once you know how to work with RouterOS, the flexibility is really great and all gear uses the same UI/Config model.

RouterOS also gets frequent updates and the set of documentation online is also very good.

 

So, IMHO there is another option 3 (with Mikrotik CHR in a VM or going for a real RouterBoard).

Link to comment
On 12/19/2020 at 6:40 PM, Ford Prefect said:

 

So, IMHO there is another option 3 (with Mikrotik CHR in a VM or going for a real RouterBoard).

Thanks for sharing your setup. I've considered Mikrotik in the past. I was concerned about lack of community support. Do you think it's grown enough to help when you get stuck on something? I didn't know about their RouterOS. I'll have to look more into that. I definitely want a standalone router, not running it in a VM mostly for the fact that I take my server down at times. If I go pfSense I'll probably roll my own in a 1U chassis. 

My brother gave me his old USG 3P to try out. I got it up and running in a test network this weekend. It's nice but I'm still leaning towards pfSense. My unRAID server mobo has 10gbE rj45 ports. I'd like to take advantage of that but it seems like rj45 10gbE switches are pretty pricey. Maybe there is a converter? 🤷‍♂️ Or maybe it's better just to use a ConnectX-3 card.

 

Link to comment

Ubiquiti gear is *very* pricey when it comes to 10G equipment. As said, MT is currently the sweetspot here.

The community support is great, as their wiki covers almost anything and their forum is a good resource, like here for VLANs: https://forum.mikrotik.com/viewtopic.php?f=13&t=143620

 

RouterOS is standard for their routers and for the CRS-line of switches (the CSS line only supports SwitchOS, which is more lightweight but OK for a basic Switch...simple to use).

For 10G, they offer a lot of models with some or many SFP+ ports.

In general, I'd recommend true fiber transceivers and fiber patch-"cables"...less heat compared to Copper Base-T/CAT7 Ports or SFP+ modules.

I do source transceivers, DACs or AOCs from here: https://www.fs.com

 

A converter I find way too expensive, compared to something like this: https://skinflint.co.uk/mikrotik-cloud-router-switch-crs305-dual-boat-desktop-10g-smart-switch-crs305-1g-4s-in-a1923200.html

This is the Router I use, with 10x 1g + 1x 10G/SFP+: https://skinflint.co.uk/mikrotik-routerboard-rb4011-router-rb4011igs-rm-a1923183.html

 

Edit: for your existing setup to your unRaid server use this transceiver: https://skinflint.co.uk/mikrotik-routerboard-10g-lan-transceiver-s-rj10-a1827894.html ... but only deploy one in every second SFP+ port if the switch is one without active cooling ;-)

 

The only thing, compared to pfsense/opnsense is, that an IDS like snort is not part of RouterOS, as well as vpn support besides ipsec (but with running unraid, a docker is always at hand and more flexible to use).

Edited by Ford Prefect
Link to comment
